CVE-2014-6271

Standard-Unix-Shell Bash erlaubt das Ausführen von Schadcode

Ob das eigene System verwundbar ist, findet man laut Red Hat heraus, indem man in Bash den folgenden Befehl ausführt:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Gibt die Shell die Zeichenfolge vulnerable aus, ist sie verwundbar.

bash

 

 

 

 

 

Weiterführende Links:

[icon name=”arrow-circle-right” class=”” unprefixed_class=””] CVE-2014-6271: remote code execution through bash
[icon name=”arrow-circle-right” class=”” unprefixed_class=””] Redhat CVE-2014-7169
[icon name=”arrow-circle-right” class=”” unprefixed_class=””] Redhat: Bash specially-crafted environment variables code injection attack
[icon name=”arrow-circle-right” class=”” unprefixed_class=””] Patch Bash NOW: ‘Shell Shock’ bug blasts OS X, Linux systems wide open
[icon name=”arrow-circle-right” class=”” unprefixed_class=””] Cert.at
[icon name=”arrow-circle-right” class=”” unprefixed_class=””] Cert.at Update29.09.2014

ATVIRTUAL.NET KG